Re: Fwd: [Cryptography] Why arenʼt we using SSH for everything?

All our protocol extensions are documented in PROTOCOL.* in our source.
Other open-source implementations have adopted some of our extensions
(e.g. OpenSSH certificates in Go's x/crypto/ssh, chacha20-poly1305 in
tinyssh) and we have adopted extensions from other open-source
implementations (e.g. curve25519-sha256@xxxxxxxxxx).

I've kinda given up trying to write things up for the IETF. It's dominated
by commercial vendors and people with more inclination to argue on mailing
lists than write good software (cf. the sftp process).

-d

On Mon, 5 Jan 2015, grarpamp wrote:

> There were a few notes in this thread that may indicate
> open areas for development. I forward merely as FYI.
> 
> http://www.metzdowd.com/pipermail/cryptography/2015-January/024231.html
> 
> ---------- Forwarded message ----------
> From: Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx>
> Date: Sun, Jan 4, 2015 at 9:29 PM
> Subject: Re: [Cryptography] Why aren't we using SSH for everything?
> To: calestyo@xxxxxxxxxxxx, pgut001@xxxxxxxxxxxxxxxxx
> Cc: cryptography@xxxxxxxxxxxx
> 
> Christoph Anton Mitterer <calestyo@xxxxxxxxxxxx> writes:
> >On Sun, 2015-01-04 at 18:54 +1300, Peter Gutmann wrote:
> >> TLS finally fixed this after a year-long battle to get the change accepted.  I
> >> also suggested it to the SSH folks but they weren't interested, and after the
> >> fight it took to get it into TLS I just didn't have the energy to go through
> >> the same thing for SSH.
> >
> >$ ssh -Q mac | grep etm
> >hmac-sha1-etm@xxxxxxxxxxx
> >hmac-sha1-96-etm@xxxxxxxxxxx
> >hmac-sha2-256-etm@xxxxxxxxxxx
> >hmac-sha2-512-etm@xxxxxxxxxxx
> >hmac-md5-etm@xxxxxxxxxxx
> >hmac-md5-96-etm@xxxxxxxxxxx
> >hmac-ripemd160-etm@xxxxxxxxxxx
> >umac-64-etm@xxxxxxxxxxx
> >umac-128-etm@xxxxxxxxxxx
> 
> I've done the same thing, but the problem is that a bunch of (probably)
> incompatible vendor-specific extensions doesn't profit the community as a
> whole.  If anyone from OpenSSH would like to get in touch, we can (a) see if
> what we're doing is interoperable and (b) document it in an RFC for general
> adoption.
> 
> Peter.
> _______________________________________________
> The cryptography mailing list
> cryptography@xxxxxxxxxxxx
> http://www.metzdowd.com/mailman/listinfo/cryptography
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 